From e4e058decf80426a0547925313df431cb45b7aa5 Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@esilibrary.com>
Date: Sun, 4 May 2014 20:14:09 +0000
Subject: [PATCH] Bug 7180: (follow-up) require an authenticated session to use
 the AJAX authval dropbox

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
---
 acqui/ajax-getauthvaluedropbox.pl | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/acqui/ajax-getauthvaluedropbox.pl b/acqui/ajax-getauthvaluedropbox.pl
index a655e22c91..6f5d2d58f0 100755
--- a/acqui/ajax-getauthvaluedropbox.pl
+++ b/acqui/ajax-getauthvaluedropbox.pl
@@ -50,6 +50,17 @@ use Modern::Perl;
 use CGI;
 use C4::Budgets;
 use C4::Charset;
+use C4::Auth qw/check_api_auth/;
+
+my $query = CGI->new();
+binmode STDOUT, ':encoding(UTF-8)';
+
+my ($status, $cookie, $sessionID) = check_api_auth($query, { catalogue => '*'} );
+unless ($status eq "ok") {
+    print $query->header(-type => 'text/plain', -status => '403 Forbidden');
+    print '<option></option>';
+    exit 0;
+}
 
 my $input = new CGI;
 my $name = $input->param('name');
-- 
2.39.2